Corporate Compliance Risk Assessment
摘要
At present, there are two prevailing theoretical models concerning the nature and function of corporate compliance: the management-based compliance model and the risk-based compliance model. The former is commonly applied in the context of autonomous compliance, where compliance is defined as the enterprise’s adherence to legal and regulatory rules. This model emphasizes a comprehensive inventory of compliance obligations, with the aim of achieving full coverage across employees, business functions, and operational processes—thereby fulfilling the overarching objective of lawful and rule-based corporate governance. By contrast, the risk-based compliance model is typically adopted in the context of compliance remediation, particularly by enterprises that have been implicated in legal or regulatory violations. Under this model, compliance is conceptualized as a compliance risk control system, with emphasis placed on identifying the specific risks an enterprise faces and developing targeted compliance programs accordingly. The objective is to establish a system capable of effectively preventing, monitoring, and mitigating compliance risks.